Category Archives: Security

Turla: Spying tool targets governments and diplomats

Cyberespionage group uses sophisticated malware to target former Eastern Bloc countries.

Security expert calls home routers a clear and present danger

LAS VEGAS—During his keynote and a press conference that followed here at the Black Hat information security conference, In-Q-Tel Chief Information Security Officer Dan Geer expressed concern about the growing threat of botnets powered by home and small office routers. The inexpensive Wi-Fi routers commonly used for home Internet access—which are rarely patched by their owners—are an easy target for hackers, Geer said, and could be used to construct a botnet that "could probably take down the Internet." Asked by Ars if he considered home routers to be the equivalent of critical infrastructure as a security priority, he answered in the affirmative.

Geer spoke about the threat posed by home routers in advance of "SOHOpelessly Broken," a router hacking contest scheduled for the DEF CON security conference later this week sponsored by the Electronic Frontier Foundation. "Because they are so cheap, you can get a low-end router for less than 20 bucks that hasn't been updated in a while," Geer explained.

Attackers could identify vulnerabilities in particular models and then scan the Internet for targets based on the routers' signatures. "They can then build botnets on the exterior of the network—the routing that it does is only on side facing ISPs," he said. "If I can build a botnet on the outside of the routers, I could probably take down the Internet."


CIA’s venture firm security chief: US should buy zero-days, reveal them

Dan Geer, speaking at Black Hat, outlined a series of policies he believes will help make the Internet more secure.
Sean Gallagher

LAS VEGAS—In a wide-ranging keynote speech at the Black Hat information security conference today, computer security icon Dan Geer gave attendees a sort of personal top 10 list of things that could be done to make the Internet more secure, more resilient, and less of a threat to personal privacy. Among his top policy picks: the US government should move to “corner the market” on security vulnerabilities by paying top dollar for them and then publish them to the world.

Geer is the chief information security officer for In-Q-Tel, the not-for-profit venture capital firm funded by the Central Intelligence Agency to incubate technologies that aid intelligence operations. However, he noted that he was speaking in a private capacity at the event and not as a public official.

“We could pay 10 times the market price” for zero-day vulnerabilities, Geer said. “If we make them public, we zero the inventory of cyber weapons where it stands.”


Internet Explorer to start blocking old Java plugins

This month's Patch Tuesday update for Internet Explorer will include a new feature: it will block out-of-date ActiveX controls.

More specifically, it will block out-of-date versions of the Java plugin. Although Microsoft is describing the feature as an ActiveX block, the list of prohibited plugins is currently Java-centric. Stale versions of Flash and Silverlight will be able to stick around, at least for now, though Microsoft says that other out-of-date ActiveX controls will be added to the block list later.

Old, buggy versions of the Java plugin have long been used as an exploit vector, with Microsoft's own security report fingering Java in 84.6 to 98.5 percent of detected exploit kits (bundles of malware sold commercially). Blocking obsolete Java plugins should therefore go a long way toward securing end-user systems.


Yahoo Ads Serve Mobile Fake Alerts

“Android Armour,” a malicious knockoff of Armor For Android, has been circulating for some time with no end in sight, perhaps due in part to advertisements over Yahoo’s ad network.  I happened to recently be served a couple myself.  The lure starts off with some alarming pop-up dialog prompts:

Which lead to fake scanning web pages:

And ultimately a prompt to download the Scan-For-Viruses-Now.apk application. (You should heed Android’s warning.)

Should the user proceed with installing the off-marketplace app (assuming the device has been configured to allow the installation of apps from unknown sources), a copycat version of Armor For Android is executed. The app proceeds to identify a phantom threat, which it is happy to remove for a mere $0.99 per day.

The certificate contained in the APK file is a tip-off, not that most victims would ever see it:

The majority of Android malware is delivered through side channels rather than approved app stores. This serves as a reminder to stay on the beaten path. Don’t take the bait offered by browser pop-up windows claiming to have discovered an infection on your device, but rather seek out reputable applications to verify your security.

Unique McAfee Mobile Security devices reporting detections of Android Armour malware over the past 30 days:

The post Yahoo Ads Serve Mobile Fake Alerts appeared first on McAfee.

HoneyDrive 3 Released – The Premier Honeypot Bundle Distro

A new version of HoneyDrive, HoneyDrive 3, codenamed Royal Jelly, has been released. Honeypots in a box is a great concept if you want to deploy a honeypot quickly without too much hassle. HoneyDrive is the premier honeypot Linux distro. It is a virtual appliance (OVA) with Xubuntu Desktop 12.04.4 LTS edition installed. It contains [...]
